Responsible for analyzing the enterprise's information security environment and recommending security measures and technology to safeguard information assets. Develops and implements information security solutions across the enterprise, especially SIEM & DLP. Researches, architects, and promotes new technologies and security products that support enterprise security requirements for our employees, customers, business partners, and vendors. Serves as an expert in network, OS, and application development security efforts.
The person is also expected to drive the ISO27001 readiness program. In that regard, he needs to provide security and compliance guidance to project teams on IT security policies, controls, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks. Mitigates identified risks through incident handling and forensics (including emergency response). Conducts and/or participates in application risk assessments to ensure adequate security posture. Facilitates & implements technology security controls to protect sensitive information from unauthorized access, disclosure, modification, or destruction. Security breach management research and remediation.
Duties & Responsibilities:
1. Evaluate next generation SIEM & DLP technologies with partners
2. Understand the IT environment and current threat landscape & create a roadmap for a cyber-security operations center
3. Integrate & roll out a full-fledged Security Operations Center
4. Provide administration oversight for the SOC & suggest improvements on a timely basis
5. Prove effectiveness of implemented SIEM & DLP solutions
6. Integrate threat intelligence into SOC
7. Run ISO27001 rollout & ISMS sustenance program
Technical/ Functional competencies:
Broad knowledge of IT risk system controls (e.g. CISSP domains) and knowledge to identify technical, operational and business risks
Understanding of project management methodologies
2-3 years of hands-on experience in implementing & maintaining SIEM & DLP technologies
Ability to perform risk assessments on proposed technical solutions, identify risks and propose solutions to mitigate risk
Knowledge of third party auditing and cloud risk assessment methodologies
Maintain ISMS documentation, facilitate internal audit assessment & remediate gaps with stakeholders
Third party, technology, and project risk assessment experience.
Experience with SIEM, DLP tools.
Experience in implementing ISO27001.
6-8 years of experience in Risk Management.
Tata Leadership Practices:
Drive for Results